CN106165506B - Computing device, method and storage medium for identifying rogue access points - Google Patents


Info

Publication number
CN106165506B
Authority
CN
China
Prior art keywords
access point
computing device
access
location
rogue
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201380077624.7A
Other languages
Chinese (zh)
Other versions
CN106165506A (en)
Inventor
X·潘
J·利普曼
R·A·科尔比
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp
Publication of CN106165506A
Application granted
Publication of CN106165506B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/023 Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H04W64/00 Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • H04W64/006 Locating users or terminals or network equipment for network management purposes, e.g. mobility management, with additional information processing, e.g. for direction or speed determination
    • H04W72/00 Local resource management
    • H04W72/04 Wireless resource allocation
    • H04W72/044 Wireless resource allocation based on the type of the allocated resource
    • H04W72/046 Wireless resource allocation based on the type of the allocated resource, the resource being in the space domain, e.g. beams
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00 Jamming of communication; Counter-measures
    • H04K3/80 Jamming or countermeasure characterized by its function
    • H04K3/90 Jamming or countermeasure characterized by its function related to allowing or preventing navigation or positioning, e.g. GPS
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01S RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0205 Details
    • G01S5/0236 Assistance data, e.g. base station almanac
    • G01S5/0242 Determining the position of transmitters to be subsequently used in positioning
    • G01S5/0244 Accuracy or reliability of position solution or of measurements contributing thereto
    • G01S5/14 Determining absolute distances from a plurality of spaced points of known location

Abstract

A technique for identifying rogue access points, i.e., access points whose true locations differ from their registered locations, includes a computing device receiving, from each of a plurality of access points within communication range of the computing device, a unique identifier for that access point. The computing device determines a registered physical location of each access point based on its unique identifier. Further, the computing device determines a reference distance between the computing device and each access point based on the transmission signals received from that access point, and determines a spatial distance between each access point and each other access point based on the registered locations of the access points. Based on the spatial distances and the reference distances, the computing device identifies which access points are rogue access points.

Description

Computing device, method and storage medium for identifying rogue access points
Background
Location-based services are continually being integrated into myriad applications for mobile computing devices. To provide such services, the location of the computing device must be determined accurately. Trilateration is a method of determining the relative or geodetic position of a computing device from its distances to a plurality of reference points with known locations. For example, a computing device may determine its location by trilateration given its distances to several reference points in the area. Typically, the computing device retrieves the locations of the reference points from an external public database or from the reference points themselves.
The presence of rogue reference points can seriously degrade the accuracy of a trilateration algorithm. An external database storing reference point locations may contain incorrect information because of human error or malicious attack. For example, an adversary may "pollute" the location database with a wrong location for a reference point and/or cause the reference point itself to advertise a wrong location. A location computed from such "contaminated" location data will likely be erroneous.
Drawings
The concepts described herein are illustrated by way of example and not by way of limitation in the figures of the accompanying drawings. For simplicity and clarity of illustration, elements illustrated in the figures are not drawn to scale. Where considered appropriate, reference numerals have been repeated among the figures to indicate corresponding or analogous elements.
FIG. 1 is a simplified block diagram of at least one embodiment of a system for identifying rogue access points;
FIG. 2 is a simplified block diagram of at least one embodiment of an environment of a computing device of the system of FIG. 1;
FIG. 3 is a simplified flow diagram of at least one embodiment of a method for identifying rogue access points on a computing device of the system of FIG. 1;
FIG. 4 is a simplified flow diagram of at least one embodiment of a method for identifying and excluding rogue access points based on spatial distances and reference distances on a computing device of the system of FIG. 1;
FIG. 5 is a simplified flow diagram of at least one embodiment of a method for determining whether an access point is rogue based on a calculated degree of correlation of computing devices of the system of FIG. 1;
FIGS. 6 and 7 are simplified flow diagrams of at least one other embodiment of a method for identifying and excluding rogue access points based on spatial distances and reference distances on a computing device of the system of FIG. 1; and
FIG. 8 is a simplified spatial diagram of at least one embodiment of the system of FIG. 1.
Detailed Description
While the concepts of the present invention are susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and are herein described in detail. It should be understood, however, that there is no intention to limit the inventive concepts to the specific forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the appended claims.
References in the specification to "one embodiment," "an illustrative embodiment," etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may or may not include that particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
The disclosed embodiments may be implemented, in some cases, in hardware, firmware, software, or any combination thereof. The disclosed embodiments may also be implemented as instructions carried on or stored in a transitory or non-transitory machine-readable (e.g., computer-readable) storage medium, which may be read and executed by one or more processors. A machine-readable storage medium may be implemented as any memory device, mechanism, or other physical structure for storing or transmitting information in a form readable by a machine (e.g., a volatile or non-volatile memory, a media disk, or other media device).
In the drawings, some structural or methodical features may be shown in a particular arrangement and/or order. However, it should be appreciated that such a particular arrangement and/or order may not be required. Rather, in some embodiments, these features may be arranged in a different manner and/or order than shown in the illustrative figures. Moreover, the inclusion of a structural or methodical feature in a particular figure is not meant to imply that such a feature is required in all embodiments; in some embodiments it may not be included, or it may be combined with other features.
Referring now to FIG. 1, a system 100 for identifying rogue access points includes a computing device 102, a network 104, a plurality of access points 106, and a location database 108. In use, as discussed in greater detail below, the computing device 102 filters or otherwise excludes rogue access points so that it can more accurately determine its own location using, for example, trilateration techniques. The computing device 102 may be implemented as any type of computing device capable of establishing a communication link with the access points 106 and performing the functions described herein. For example, the computing device 102 may be implemented as a cellular phone, a smart phone, a tablet computer, a notebook computer, a personal digital assistant, a mobile internet device, a desktop computer, and/or any other computing/communication device. As shown in FIG. 1, the illustrative computing device 102 includes a processor 110, an input/output ("I/O") subsystem 112, a memory 114, a data storage 116, communication circuitry 118, one or more sensors 120, and one or more external devices 122. Of course, in other embodiments, the computing device 102 may include other or additional components, such as those commonly found in a typical computing device (e.g., various input/output devices). Additionally, in some embodiments, one or more of the illustrative components may be incorporated in, or otherwise form a portion of, another component. For example, in some embodiments, the memory 114, or portions thereof, may be incorporated in the processor 110.
The processor 110 may be implemented as any type of processor capable of performing the functions described herein. For example, the processor 110 may be implemented as a single or multi-core processor(s), digital signal processor, microcontroller, or other processor or processing/control circuit. Similarly, the memory 114 may be implemented as any type of volatile or non-volatile memory or data storage capable of performing the functions described herein. In operation, the memory 114 may store various data and software used during operation of the computing device 102, such as operating systems, applications, programs, libraries, and drivers. The memory 114 is communicatively coupled to the processor 110 via the I/O subsystem 112, which may be implemented as circuitry and/or components to facilitate input/output operations with the processor 110, the memory 114, and other components of the computing device 102. For example, the I/O subsystem 112 may be implemented as, or otherwise include, memory controller hubs, input/output control hubs, firmware devices, communication links (i.e., point-to-point links, bus links, wires, cables, light guides, printed circuit board traces, etc.), and/or other components and subsystems to facilitate the input/output operations. In some embodiments, the I/O subsystem 112 may form part of a system-on-a-chip (SoC) and be incorporated, along with the processor 110, the memory 114, and other components of the computing device 102, on a single integrated circuit chip.
The data storage 116 may be implemented as any type of device or devices configured for short-term or long-term storage of data such as, for example, memory devices and circuits, memory cards, hard disk drives, solid-state drives, or other data storage devices. As shown in FIG. 1, the data storage 116 includes a location database 124. As discussed below, the computing device 102 may record its own location in the location database 124 after each trilateration or other location determination. Further, sensor data related to the position or motion of the computing device 102 may be stored in the location database 124 for use, for example, in performing the methods described herein. In some embodiments, registered location data for the access points 106 may also be stored in the location database 124 and used by the computing device 102 as an alternative or in addition to the location database 108.
The communication circuitry 118 of the computing device 102 may be implemented as any communication circuit, device, or collection thereof capable of enabling communication between the computing device 102 and other remote devices (e.g., the access points 106) over the network 104. The communication circuitry 118 may be configured to use any one or more communication technologies (e.g., wireless or wired communication) and associated protocols (e.g., Ethernet, Bluetooth®, Wi-Fi®, WiMAX, etc.) to effect such communication. As discussed below, in some embodiments the computing device 102 communicates with Wi-Fi access points having known locations in order to perform the rogue access point identification and/or trilateration techniques described herein.
The one or more sensors 120 collect data regarding various contexts (e.g., physical, environmental, etc.) of the computing device 102. For example, the sensors 120 may determine the velocity of the computing device 102, which may be recorded in the location database 124. The sensors 120 may include, for example, proximity sensors, optical sensors, light sensors, audio sensors, temperature sensors, thermistors, motion sensors, piezoelectric sensors, and/or other types of sensors. Of course, the computing device 102 may also include components configured to use the sensors 120. The one or more external devices 122 of the computing device 102 may include any number of additional peripheral or interface devices. The particular devices included in the external devices 122 may depend on, for example, the type and/or intended use of the computing device 102.
The network 104 may be implemented as any kind of telecommunications network capable of enabling communication between the computing device 102 and the access point 106. As such, network 104 may include one or more networks, routers, switches, computers, and/or other intermediary devices. For example, the network 104 may be implemented as or otherwise include one or more cellular networks, telephone networks, local or wide area networks, public global networks (e.g., the internet), and ad hoc networks, or any combination thereof. In the illustrative embodiment, the network 104 is implemented as a short-range wireless communication network or link.
The system 100 also includes a plurality of access points 106 implemented as network access points, such as Wi-Fi® access points. In the illustrative embodiment, the system 100 includes at least three access points 106, which are used to determine the location of the computing device 102 through trilateration. However, it should be appreciated that in other embodiments the system 100 may include a greater or lesser number of access points 106, each implemented as any type of computing device capable of performing the functions described herein. As such, an access point 106 may be implemented as any computing device having a registered (i.e., logged or otherwise known) physical location. Thus, in some embodiments, the access points 106 may be similar to the computing device 102 described above. For example, each access point 106 may be implemented as a server, router, network bridge, web portal device, desktop computer, cellular telephone, smart phone, tablet computer, laptop computer, personal digital assistant, mobile internet device, and/or any other computing/communication device. Accordingly, the access points 106 may include components similar to those of the computing device 102 described above. The description of those components of the computing device 102 applies equally to the components of the access points 106 and is not repeated here for clarity of the description. Further, the access points 106 may include other components, sub-components, and devices commonly found in computing devices, which are not discussed above with reference to the computing device 102 and are not discussed herein for clarity of the description. In addition, an access point 106 may include different, or fewer, components than the computing device 102. For example, each access point 106 may or may not include sensors 120 and/or external devices 122.
As discussed in detail below, the computing device 102 may use the registered locations of the access points 106 to determine whether any of the access points 106 are rogue access points (i.e., access points whose registered location data is incorrect). In doing so, for each access point 106, the computing device 102 determines whether the registered location data corresponding to that access point 106 is accurate. As discussed above, incorrect location data may be stored for an access point 106, whether by mistake or through deliberate pollution by an adversary. As such, the system 100 allows the computing device 102 to determine whether the registered location matches the true location of the access point 106.
The location database 108 stores registered location data for one or more access points 106 that is retrieved by the computing device 102 to identify which, if any, of the access points 106 are rogue. According to particular embodiments, location database 108 may store relative location data regarding access point 106 (e.g., locations relative to other known locations), absolute location data regarding access point 106 (e.g., latitude-longitude geodetic coordinates), and/or combinations thereof. Thus, in some embodiments, the computing device 102 retrieves location data from more than one location database 108 to determine the location of a particular access point 106. The location database 108 may be implemented as any combination of hardware, software, and/or firmware suitable for performing the functions described herein. For example, in some embodiments, location database 108 may be implemented as a standalone database server computer. Furthermore, although only one computing device 102, one network 104, and one location database 108 are schematically illustrated in fig. 1, in some embodiments, the system 100 may include additional computing devices 102, networks 104, and/or location databases 108. For example, in some embodiments, computing device 102 may retrieve location information for access point 106 from multiple location databases 108.
Referring now to FIG. 2, in use, the computing device 102 of the system 100 establishes an environment 200 for identifying rogue access points. The environment 200 in the illustrative embodiment includes a location determination module 202, a communication module 204, and the location database 124. In addition, the location determination module 202 includes an access point verification module 206 and a motion tracking module 208. Each of the location determination module 202, the communication module 204, the access point verification module 206, and the motion tracking module 208 may be implemented as hardware, software, firmware, or a combination thereof.
As described in greater detail below, the location determination module 202 determines the location of the computing device 102 based on the locations and/or signals of the access points 106. For example, in some embodiments, the location determination module 202 implements a trilateration algorithm based on the locations and/or signals of at least three access points 106. In other embodiments, the location determination module 202 may use other suitable location determination techniques. In any case, the accuracy of the location determination is improved by using only accurate location data for the respective access points 106. Thus, as described below, the access point verification module 206 identifies which, if any, of the access points 106 are rogue access points so that they can be excluded.
The communication module 204 facilitates communication between the computing device 102 and remote devices (e.g., the access points 106) over the network 104. As described below, the communication module 204 may receive unique identifiers from a plurality of access points 106 within communication range of the computing device 102. The identifier may be implemented as any data that the computing device 102 can use to uniquely identify a particular access point 106. For example, the unique identifier may be the Media Access Control (MAC) address of the particular access point 106, received by the communication module 204 of the computing device 102 in a beacon frame transmitted by the access point 106. Further, in some embodiments, one or more access points 106 may broadcast their own location using, for example, a protocol under the Institute of Electrical and Electronics Engineers (IEEE) 802.11v standard, which is received by the communication module 204. In such embodiments, the broadcast location may be used as an alternative to the registered location stored in the location database 108. In other embodiments, the broadcast location and the registered location are used in conjunction with each other to determine whether the access point 106 is rogue. Note that both the MAC address and an 802.11v-advertised location are asserted by the access point itself and can be forged by a rogue device, which is why the spatial and reference distances described next, rather than the identifier or the advertised location alone, decide whether an access point is treated as rogue.
The access point verification module 206 determines the registered physical location of each access point 106 based on its unique identifier. For example, the access point verification module 206 may query one or more of the location databases 108, 124 with the unique identifier to retrieve the location data recorded for each access point 106 (which, for a rogue access point, does not match its true location). In addition, the access point verification module 206 determines the spatial distance between each access point 106 and one or more of the other access points 106 based on the retrieved registered locations. To determine the spatial distance between two access points 106, the access point verification module 206 may compare the registered locations of the two access points 106. For example, in an embodiment with three access points (e.g., A, B and C), the access point verification module 206 determines the spatial distances between A and B, between B and C, and between A and C. The access point verification module 206 may use any suitable algorithm and/or other data (e.g., map data, distance data, vector data, etc.) to determine the spatial distance between access points 106.
The access point verification module 206 also determines a reference distance between the computing device 102 and each access point 106 based on the transmission signals received from that access point 106. The reference distance is an estimate of the distance between the computing device 102 and the access point 106 and may be determined, for example, from the received signal strength and/or the time of flight of the transmitted signal. In one embodiment, the access point verification module 206 uses a free-space path loss model to convert the received signal strength into the reference distance. Based on the spatial distances and the reference distances, the access point verification module 206 identifies which access points 106 are rogue access points. In doing so, the access point verification module 206 may determine a degree of correlation for each access point 106, as described herein. In another embodiment, as described below, the access point verification module 206 may determine whether an access point 106 is rogue based on the motion of the computing device 102 and/or a pre-established security area for the access point 106. In some embodiments, the access point verification module 206 may tag, mark, or otherwise identify rogue access points so that those access points 106 are not used, for example, by location determination applications and services.
The motion tracking module 208 may track the motion and/or other inertial characteristics of the computing device 102. For example, the motion tracking module 208 may store the location of the computing device 102 after each location determination (e.g., trilateration). Further, the motion tracking module 208 may determine the motion, or possible motion, of the computing device 102 since it was at a previously stored location. In doing so, the motion tracking module 208 may use one or more of the sensors 120. For example, in one embodiment, the velocity of the computing device 102 is sensed and used to calculate the possible displacement of the computing device 102 since it was at the previous location. In doing so, the motion tracking module 208 may multiply the velocity by the total time elapsed since the computing device 102 was at the previously stored location. In some embodiments, an average or assumed velocity (e.g., two meters per second for a walking person) is used instead. In yet another embodiment, the density of access points 106 in the area around the computing device 102 (i.e., the average distance between adjacent access points 106) may be used to determine the motion or likely motion of the computing device 102.
Referring now to fig. 3, in use, the computing device 102 of the system 100 can perform a method 300 for identifying rogue access points. The exemplary method 300 begins at block 302 where the computing device 102 discovers neighboring access points 106. For example, the access point 106 transmits a beacon frame over the wireless network 104, which may be received by the computing device 102. In another embodiment, computing device 102 transmits an interrogation signal that generates a response from a neighboring (i.e., within communication range) access point 106. As described above, various communication protocols and networks 104 may be used in different embodiments. Thus, the communication range of the computing device 102 varies depending on the characteristics of the particular communication network. Of course, in other embodiments, another method of discovering neighboring access points 106 may be used. It may be appreciated that some access points 106 may be within communication range of the computing device 102 but do not provide a unique identifier to the computing device 102. Thus, those access points 106 may be ignored by the computing device 102.
In block 304, the computing device 102 receives a unique identifier from each discovered access point 106. As described above, the unique identifier may be, for example, the MAC address of the access point 106. In block 306, based on the unique identifiers received from the access points 106, the computing device 102 determines the registered physical location of each of those access points 106. In doing so, in block 308, the computing device 102 may, for each access point 106, retrieve location data from the location database 108 indicating the registered physical location of the access point 106. As noted above, in some embodiments, the access point 106 may announce or otherwise broadcast its own location using, for example, the IEEE 802.11v protocol. In such an embodiment, the broadcast location may be used instead of, or in addition to, the registered physical location retrieved from the location database 108.
In block 310, the computing device 102 determines the spatial distances between the access points 106 based on their registered locations. In particular, the computing device 102 determines the spatial distance between each access point 106 and each of the other access points 106 that may be used in the location determination of the computing device 102 (e.g., via trilateration). In other embodiments, the computing device 102 may determine only a subset of those spatial distances. That is, the access points 106 used in the location determination for the computing device 102 may be, for example, a subset (i.e., all or some) of the access points 106 whose unique identifiers have been received. As described above, in determining the spatial distance between two access points 106, the computing device 102 may compare the registered locations of the two access points 106. For simplicity, the spatial distance between access point 106 APi and access point 106 APj is denoted herein as DISTSPATIAL(APi, APj).
In block 312, the computing device 102 determines a reference distance between the computing device 102 and each access point 106 based on the transmission signals received from each corresponding access point 106. As described above, the reference distance may be determined based on the received signal strength of the transmitted signal and/or the time of flight of the transmitted signal. That is, the strength of the signal received by the computing device 102 from the access point 106 varies (e.g., decreases) as the distance between the computing device 102 and the access point 106 varies (e.g., increases). Thus, the computing device 102 may determine the distance between the computing device 102 and the access point 106 using, for example, a function of and/or a look-up table for the signal strength. In one embodiment, the computing device 102 determines the reference distance using a free-space path loss model. Alternatively, given the known propagation speed of the transmitted signal, the time of flight of the signal is used to determine the distance the signal has travelled between the time of transmission and the time of reception. In this embodiment, the access point 106 may, for example, timestamp the transmitted packet for use in determining the reference distance. For simplicity, the reference distance between access point 106 APi and the computing device 102 (CD) is denoted herein as DISTREF(APi, CD).
In block 314, the computing device 102 identifies and excludes rogue access points based on the spatial distances and the reference distances determined in blocks 310 and 312. To do so, the computing device 102 performs a method 400 for identifying and eliminating rogue access points as shown in fig. 4. That is, the computing device 102 identifies which, if any, access points 106 are rogue access points and excludes them from the algorithm for trilateration and/or other location determination.
The illustrative method 400 begins at block 402, where the computing device 102 determines whether rogue access point detection is to be performed. If so, the computing device 102 determines whether each access point 106 is rogue by applying a rogue detection technique to the access points 106. To that end, at block 404, the computing device 102 selects the next access point 106, APi. Of course, in the first pass through block 404, the next access point 106 may be any access point 106, which may be selected randomly or using any suitable selection method. Upon selecting an access point 106, the computing device 102 determines in block 406 whether the selected access point 106, APi, is rogue based on a degree of correlation calculated for that access point 106. In some embodiments, the degree of correlation indicates the likelihood that the registered location of access point 106 APi is incorrect and that APi is therefore a rogue access point. It will be appreciated that any suitable algorithm or technique may be used to calculate the degree of correlation. For example, in an exemplary embodiment, the computing device 102 may perform the method 500 of fig. 5 for calculating the degree of correlation of APi.
The illustrative method 500 begins at block 502, where the computing device 102 initializes the degree of correlation. That is, the degree of correlation is assigned a base value (e.g., zero or one), which may be modified later. Of course, in some embodiments, the degree of correlation may be determined without being initialized. In the exemplary embodiment, the degree of correlation is initialized to one, which represents the correlation of the access point with itself. Further, it can be appreciated that the exemplary embodiment of fig. 5 implements a scheme in which negative values indicate that the distances are inconsistent with the other distances and are thus attributable to rogue access points in the system 100. Of course, in other embodiments, other schemes may be used.
In block 504, having initialized the degree of correlation, the computing device 102 selects another access point 106, APj, different from the access point 106 APi selected in block 404 of fig. 4. In block 506, the computing device 102 determines whether the spatial distance between access point 106 APi and access point 106 APj, based on their registered locations, is inconsistent with the reference distances between the computing device 102 and each of APi and APj, based on the transmitted signals. For example, the computing device 102 determines whether the spatial distance between APi and APj satisfies the inequality:
DISTSPATIAL(APi, APj) ≤ DISTREF(APi, CD) + DISTREF(APj, CD).
In other words, the computing device 102 determines whether the spatial distance and the reference distances satisfy the triangle inequality, which requires that the sum of the lengths of any two sides of a triangle be equal to or greater than the length of the remaining side. More specifically, given the reference distance DISTREF(APi, CD) between the computing device 102 and access point 106 APi and the reference distance DISTREF(APj, CD) between the computing device 102 and access point 106 APj, the true spatial distance DISTSPATIAL(APi, APj) between APi and APj must be less than or equal to the sum of these two reference distances.
If the inequality is satisfied, and/or the spatial distance is otherwise determined to be consistent with the reference distances, the computing device 102 increases the degree of correlation (e.g., by one) in block 508. However, if the inequality is not satisfied, the computing device 102 decreases the degree of correlation (e.g., by one) in block 510. In block 512, the computing device 102 determines whether any other access points 106, APj, remain. If so, the method 500 returns to block 504, where the computing device 102 selects an access point 106 other than those previously selected. In other words, the computing device 102 tests the inequality of block 506 for the spatial distance between access point 106 APi and each of the other access points 106, APj.
If no other access points 106, APj, remain, the computing device 102 determines in block 514 whether the degree of correlation for access point 106 APi is below a threshold. If the degree of correlation is below the threshold, the computing device 102 identifies access point 106 APi as a rogue access point in block 516. Otherwise, APi is deemed a trusted, non-rogue, or otherwise authorized/authenticated access point 106. For example, in the exemplary embodiment the threshold is one. Thus, with integer correlation values, an access point 106 APi whose degree of correlation is zero or negative (i.e., less than one) is considered a rogue access point.
Referring back to fig. 4, after determining in block 406 whether access point 106 APi is rogue based on its degree of correlation, the computing device 102 determines in block 408 whether additional access points 106 remain. If so, the method 400 returns to block 404, where the computing device 102 selects the next access point 106, APi, from among those not already selected. In other words, the computing device 102 determines a degree of correlation for each access point 106 and determines whether each access point 106 is rogue based on that degree of correlation.
At block 410, the computing device 102 determines whether all of the access points 106 have been identified as rogue access points. If not, at block 412, the computing device 102 excludes the rogue access points from the determination of the location of the computing device 102. That is, any location determination algorithm (e.g., trilateration) excludes the rogue access points from its calculations; equivalently, only authenticated access points 106 (i.e., those not identified as rogue) are used in those calculations. As described above, excluding rogue access points allows the location of the computing device 102 to be calculated more accurately, which improves, for example, location-based services or applications. If all of the access points 106 are determined to be rogue, the situation is not ideal for determining the true location of the computing device 102. However, in some embodiments, in block 414, the computing device 102 selects a percentage (e.g., 50%) of the rogue access points for use in the location determination. For example, the computing device 102 may select the 50% of rogue access points having the highest degree of correlation. It can be appreciated that, in the exemplary embodiment, rogue access points with a higher degree of correlation are more likely to be safe to use in the calculation than rogue access points with a lower degree of correlation. The percentage of rogue access points selected may be pre-established by the computing device 102 or derived from characteristics of the access points 106. In another embodiment, the computing device 102 may disable the location determination technique altogether if all access points are identified as rogue access points.
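The pairwise check of blocks 504 through 516, the all-rogue fallback of blocks 410 through 414 and a trilateration over the surviving access points, as an added example in Python; this is illustration code written for this page, not code from the patent or from Intel. The correlation scheme is the one the page describes (initialize to one, add one per consistent peer, subtract one per inconsistent peer, rogue below a threshold of one). The free-space path-loss inversion for block 312, the flat metre grid, the four-access-point layout modelled on fig. 8 (AP2 with a falsified registered location) and all distances are constructed for the illustration and are assumptions, not data from the page.

```python
"""Added example (not from the patent): correlation-based rogue-AP filtering.

Implements methods 400/500 as the page describes them: pairwise
triangle-inequality checks between registered (spatial) distances and ranged
(reference) distances, a correlation threshold, the all-rogue fallback of
block 414, and a plain least-squares trilateration over the surviving APs.
Coordinates are metres on a flat local grid (an assumption); the AP layout
below is constructed.
"""
import math
from typing import Dict, List, Set, Tuple

Point = Tuple[float, float]


def fspl_distance(rssi_dbm: float, tx_power_dbm: float, freq_hz: float) -> float:
    """Invert the free-space path-loss model (block 312) to a range in metres.

    FSPL(dB) = 20*log10(d) + 20*log10(f) - 147.55 with d in m and f in Hz.
    tx_power_dbm is assumed known (e.g. from a site survey).  Real indoor RSSI
    is far noisier than this model, so the result is only a reference distance.
    """
    path_loss_db = tx_power_dbm - rssi_dbm
    return 10 ** ((path_loss_db - 20 * math.log10(freq_hz) + 147.55) / 20)


def spatial_distance(a: Point, b: Point) -> float:
    """DISTSPATIAL: distance between two registered locations (block 310)."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def correlation(ap: str, registered: Dict[str, Point], ref: Dict[str, float]) -> int:
    """Method 500: start at 1, +1 per consistent peer, -1 per inconsistent peer."""
    score = 1
    for other, loc in registered.items():
        if other == ap:
            continue
        # Block 506: DISTSPATIAL(APi, APj) <= DISTREF(APi, CD) + DISTREF(APj, CD)
        consistent = spatial_distance(registered[ap], loc) <= ref[ap] + ref[other]
        score += 1 if consistent else -1
    return score


def identify_rogues(registered: Dict[str, Point], ref: Dict[str, float],
                    threshold: int = 1) -> Tuple[Set[str], Dict[str, int]]:
    """Method 400: an AP is rogue when its correlation is below the threshold."""
    scores = {ap: correlation(ap, registered, ref) for ap in registered}
    return {ap for ap, s in scores.items() if s < threshold}, scores


def usable_access_points(registered: Dict[str, Point], ref: Dict[str, float],
                         threshold: int = 1, fallback_fraction: float = 0.5) -> List[str]:
    """Blocks 410-414: exclude rogues; if every AP is rogue, keep the top fraction."""
    rogues, scores = identify_rogues(registered, ref, threshold)
    if len(rogues) < len(registered):
        return [ap for ap in registered if ap not in rogues]
    ranked = sorted(rogues, key=lambda ap: scores[ap], reverse=True)
    keep = max(1, int(len(ranked) * fallback_fraction))
    return ranked[:keep]


def trilaterate(registered: Dict[str, Point], ref: Dict[str, float],
                aps: List[str]) -> Point:
    """Linear least-squares trilateration over the listed APs (needs >= 3).

    Subtracting the first AP's circle equation from the others yields a linear
    system A [x y]^T = b, solved here through the 2x2 normal equations.
    """
    if len(aps) < 3:
        raise ValueError("trilateration needs at least three access points")
    (x0, y0), d0 = registered[aps[0]], ref[aps[0]]
    rows = []
    for ap in aps[1:]:
        (xj, yj), dj = registered[ap], ref[ap]
        rows.append((2 * (xj - x0), 2 * (yj - y0),
                     d0 ** 2 - dj ** 2 + xj ** 2 + yj ** 2 - x0 ** 2 - y0 ** 2))
    a11 = sum(r[0] * r[0] for r in rows)
    a12 = sum(r[0] * r[1] for r in rows)
    a22 = sum(r[1] * r[1] for r in rows)
    b1 = sum(r[0] * r[2] for r in rows)
    b2 = sum(r[1] * r[2] for r in rows)
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("degenerate access point geometry")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)


# Constructed scenario modelled on fig. 8: the device is really at (30, 40).
# AP2 really sits at (100, 0) but its registered location has been falsified
# to (500, 500).  Reference distances are the true ranges, rounded to cm.
REGISTERED: Dict[str, Point] = {"AP1": (0.0, 0.0), "AP2": (500.0, 500.0),
                                "AP3": (0.0, 100.0), "AP4": (100.0, 100.0)}
REFERENCE: Dict[str, float] = {"AP1": 50.0, "AP2": 80.62, "AP3": 67.08, "AP4": 92.20}

if __name__ == "__main__":
    rogues, scores = identify_rogues(REGISTERED, REFERENCE)
    print("scores:", scores, "rogue:", rogues)
    keep = usable_access_points(REGISTERED, REFERENCE)
    print("rogue excluded:", trilaterate(REGISTERED, REFERENCE, keep))
    print("rogue included:", trilaterate(REGISTERED, REFERENCE, list(REGISTERED)))
```

With AP2 excluded the fix returns to roughly (30, 40); with AP2 included the same solver drifts to about x = 440 m, the analogue of the false location 822 in fig. 8. Note what the test can and cannot do: it only flags a registered location that is geometrically inconsistent with the other access points' ranges, so a falsified location that still satisfies the inequality against every peer passes, and if a majority of the discovered access points carry mutually consistent false locations the genuine ones are the ones that score low.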
Referring back to fig. 3, in block 314 the computing device 102 identifies and excludes rogue access points. As described above, to this end the computing device 102 may execute the method 400 shown in fig. 4. In another embodiment, the computing device 102 performs the method 600 for identifying and eliminating rogue access points shown in figs. 6 and 7. As described below, the method 600 takes into account one or more previous locations of the computing device 102 and the possible movement of the computing device 102 since the time it was located at one of those previous locations (e.g., the time the previous location data was stored). It can be appreciated that, in some embodiments, the method 600 reduces the amount of computation required to determine whether the registered location of an access point 106 is verified or rogue.
The illustrative method 600 begins at block 602 of fig. 6, where the computing device 102 retrieves a previous location of the computing device 102 from the location database 124. As discussed above, after each cycle of trilateration or other location determination, the computing device 102 may store location data regarding the location of the computing device 102 in the location database 124. Of course, in other embodiments, the previous location of the computing device 102 may be stored in the external location database 108.
In block 604, the computing device 102 calculates the motion, or possible motion, of the computing device 102 since it was at the previous location. It may be appreciated that the computing device 102 may determine this motion using any suitable means. As described above, the computing device 102 may use stored velocity data and/or data derived for the computing device 102 (e.g., an average velocity) together with the amount of time that has elapsed since the computing device 102 was located at the previous location (e.g., as indicated by a timestamp) to determine the motion. For example, a person carrying the computing device 102 may be moving at an average speed of two meters per second as indicated by the sensors 120, starting from a previous location recorded twenty seconds ago. Thus, the computing device 102 may by now have moved at most about 40 meters (2 m/s × 20 s). Of course, the person may simply have walked around, resulting in zero net displacement. In another embodiment, the computing device 102 may calculate its motion or possible motion based on various other features and/or measurements. For example, the likely motion may be calculated based on the average speed of the carrier (e.g., a person, airplane, train, or car), based on the density of access points 106 in the vicinity of the computing device 102, and/or based on some other metric.
In block 606, the computing device 102 determines whether the calculated motion, or possible motion, of the computing device 102 exceeds a predetermined threshold. The threshold may be a static value (e.g., 10 meters) or a dynamic value (e.g., based on the density of access points 106 or the average velocity of the computing device 102), depending on the implementation. If the calculated motion exceeds the threshold, the computing device 102 performs the method 400 in block 608 to determine whether each access point 106 is a rogue access point based on the degree of correlation calculated for it, as described above. However, if the motion does not exceed the threshold, the computing device 102 determines a safe area based on the previous location of the computing device 102 in block 610. Again, the safe area may be a static or dynamic value determined by the computing device 102. For example, the safe area may be defined as the region within a circle centered on the previous location of the computing device 102 with a defined radius (e.g., 50 meters, or twice the average distance between adjacent access points 106).
In block 612, the computing device 102 determines whether the number of access points 106 outside the safe area is greater than the number within the safe area. In doing so, the computing device 102 may, for each access point 106, compare the reference distance between the computing device 102 and the access point 106 to, for example, the radius of the safe area. In this embodiment, a reference distance greater than the radius of the safe area indicates that the access point 106 is outside the safe area. Similarly, a reference distance less than the radius of the safe area indicates that the access point 106 is within the safe area. If the computing device 102 determines that more access points 106 are outside the safe area than within it, the computing device 102 performs the method 400 in block 608 to determine whether each access point 106 is a rogue access point based on its calculated degree of correlation, as described above.
Otherwise, the method 600 proceeds to block 614 of fig. 7, where the computing device 102 selects the next access point 106, APi. Of course, in the first cycle of block 614, the next access point 106 may be any access point 106. In block 616, the computing device 102 calculates a spatial distance DISTSPATIAL (APi, CD) between the access points 106, APi and the computing device 102 based on the previous location of the computing device 102, which may be calculated similarly to the spatial distance between the access points 106 calculated above.
In block 618, the computing device 102 determines whether access point 106 APi is within the safe area. As described above, the computing device 102 makes this determination based on, for example, the radius of the safe area and the reference distance between the computing device 102 and APi. Of course, other suitable means for determining whether APi is within the safe area may be used in other embodiments. If access point 106 APi is determined to be within the safe area, the computing device 102 determines in block 620 whether the reference distance between the computing device 102 (CD) and access point 106 APi is less than the spatial distance between APi and the previous location of the computing device 102 minus the possible motion (M) of the computing device 102 since that previous location. In other words, the computing device 102 determines whether the following inequality is satisfied:
DISTREF(APi, CD) < DISTSPATIAL(APi, CD) − M.
however, if the access point 106, APi, is outside the safe area, the computing device 102 determines whether a reference distance between the computing device 102 and the access point 106, APi is less than the sum of the possible motion of the computing device 102 and the spatial distance between the APi and the previous location of the computing device 102 in block 622. That is, the computing device 102 determines whether the following inequality is satisfied:
DISTREF(APi, CD) < DISTSPATIAL(APi, CD) + M.
If access point 106 APi is within the safe area and the inequality of block 620 is satisfied, the computing device 102 identifies access point 106 APi as a rogue access point in block 624. Similarly, if access point 106 APi is outside the safe area and the inequality of block 622 is satisfied, the computing device 102 also identifies APi as rogue in block 624. Otherwise, access point 106 APi is determined to be an authenticated access point 106 and may be used, for example, in the trilateration procedure. Since the possible motion M of the computing device 102 cannot be negative, DISTSPATIAL(APi, CD) − M is never larger than DISTSPATIAL(APi, CD) + M; it may therefore be appreciated from blocks 618 through 624 that the inequality applied to access points 106 inside the safe area is the stricter of the two, i.e., it is less easily satisfied than the inequality applied to access points 106 outside the safe area.
At block 626, the computing device 102 determines whether any other access points 106, APi, remain. If so, the method 600 returns to block 614, where the computing device 102 selects the next access point 106, APi, from among those not already selected. In this way, each access point 106 is analyzed and the rogue access points are identified and excluded. Referring back to fig. 3, once the computing device 102 has identified and eliminated the rogue access points (e.g., by the method 400 of fig. 4 or the method 600 of figs. 6 and 7), the computing device 102 may determine its location in block 316 based on the remaining authenticated access points 106. As described above, the computing device 102 may implement trilateration techniques or any other suitable means for doing so.
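The motion-gated path of method 600 (blocks 602 through 626), as an added example in Python; this is illustration code written for this page, not code from the patent or from Intel. The velocity-times-elapsed-time bound of block 604, the 10 meter motion threshold and the 100 meter safe-area radius are the kinds of values the page mentions, but the specific numbers, the flat metre grid and the five-access-point layout (AP2 and AP5 with falsified registered locations) are constructed for the illustration and are assumptions. The two per-access-point inequalities are applied exactly as the page states them for access points inside and outside the safe area.

```python
"""Added example (not from the patent): the motion-gated check of method 600.

Before running the pairwise correlation test, the device bounds how far it
could have moved since its last stored fix (block 604), asks whether that bound
exceeds a threshold (block 606) and whether more APs now range outside a safe
area around the old fix than inside it (blocks 610-612).  Only if both gates
stay closed does it apply the cheaper per-AP inequalities of blocks 618-624.
Units are metres and seconds on a flat local grid; the numbers are constructed.
"""
import math
from typing import Dict, Optional, Set, Tuple

Point = Tuple[float, float]


def possible_motion(speed_mps: float, elapsed_s: float) -> float:
    """Upper bound M on displacement since the previous fix (block 604)."""
    if speed_mps < 0 or elapsed_s < 0:
        raise ValueError("speed and elapsed time must be non-negative")
    return speed_mps * elapsed_s


def distance(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def needs_full_correlation_check(motion: float, motion_threshold: float,
                                 ref: Dict[str, float], radius: float) -> bool:
    """Blocks 606 and 612: fall back to method 400 when the cheap path is unsafe."""
    if motion > motion_threshold:
        return True
    outside = sum(1 for d in ref.values() if d > radius)
    inside = len(ref) - outside
    return outside > inside


def classify_against_previous_fix(prev: Point, registered: Dict[str, Point],
                                  ref: Dict[str, float], motion: float,
                                  radius: float) -> Dict[str, bool]:
    """Blocks 614-624, applied exactly as the page states them.

    Inside the safe area an AP is rogue if  DISTREF < DISTSPATIAL - M;
    outside it an AP is rogue if           DISTREF < DISTSPATIAL + M.
    Returns {ap: is_rogue}.
    """
    verdict: Dict[str, bool] = {}
    for ap, loc in registered.items():
        spatial = distance(loc, prev)      # DISTSPATIAL(APi, CD), block 616
        inside = ref[ap] <= radius         # block 618
        if inside:
            verdict[ap] = ref[ap] < spatial - motion   # block 620
        else:
            verdict[ap] = ref[ap] < spatial + motion   # block 622
    return verdict


def filter_access_points(prev: Point, registered: Dict[str, Point],
                         ref: Dict[str, float], speed_mps: float, elapsed_s: float,
                         motion_threshold: float = 10.0,
                         radius: float = 100.0) -> Tuple[bool, Optional[Set[str]]]:
    """Method 600 end to end.  Returns (used_fast_path, rogue_set).

    When the fast path is refused the caller must run the correlation-based
    method 400 instead; None signals that here.
    """
    motion = possible_motion(speed_mps, elapsed_s)
    if needs_full_correlation_check(motion, motion_threshold, ref, radius):
        return False, None
    verdict = classify_against_previous_fix(prev, registered, ref, motion, radius)
    return True, {ap for ap, rogue in verdict.items() if rogue}


# Constructed scenario: previous fix at (30, 40), recorded 5 s ago, walking at
# 1 m/s so M = 5 m.  AP2 (really near (100, 0)) and AP5 (really 150 m away)
# carry falsified registered locations; AP1, AP3 and AP4 are genuine.
PREVIOUS_FIX: Point = (30.0, 40.0)
REGISTERED: Dict[str, Point] = {"AP1": (0.0, 0.0), "AP2": (500.0, 500.0),
                                "AP3": (0.0, 100.0), "AP4": (100.0, 100.0),
                                "AP5": (1000.0, 40.0)}
REFERENCE: Dict[str, float] = {"AP1": 50.0, "AP2": 80.62, "AP3": 67.08,
                               "AP4": 92.20, "AP5": 150.0}

if __name__ == "__main__":
    print(filter_access_points(PREVIOUS_FIX, REGISTERED, REFERENCE, 1.0, 5.0))
    print(filter_access_points(PREVIOUS_FIX, REGISTERED, REFERENCE, 2.0, 20.0))
```

With M = 5 m the fast path is taken and AP2 (inside the safe area, block 620) and AP5 (outside it, block 622) are flagged while the three genuine access points pass; with the page's 2 m/s for 20 s the 40 m bound exceeds the 10 m threshold and the function hands off to method 400 instead.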
Although the methods described herein are described with reference to the computing device 102, they are equally applicable to server-side applications. Furthermore, the methods may be applied to the location database itself. For example, a server may implement the methods described herein, or variations thereof, to filter rogue access points out of, for example, a location database similar to the location database 108.
Referring now to fig. 8, a simplified spatial schematic 800 of an embodiment of the system 100 is shown. In the illustrative embodiment, a computing device 102 and three access points 106 are shown. Specifically, access point 106A (AP1), access point 106B (AP2), and access point 106C (AP3) are shown. As described above, an attacker may enter erroneous data into the location database 108 for the location of an access point 106, send fake beacon frames, or otherwise broadcast a fake location for an access point 106 (e.g., via IEEE 802.11v), thereby making that access point 106 a rogue access point. Fig. 8 illustrates such an embodiment. Specifically, rogue point 802 corresponds to erroneous location data stored for, or otherwise provided by, access point 106B. It should be appreciated that if rogue point 802 is used by the trilateration algorithm, the algorithm may produce a false location 822 for the computing device 102.
As described above, based on the registered locations of the access points 106A, 106C, the computing device 102 may determine a spatial distance 806 between the access points 106A, 106C. However, in determining the spatial distance 804 between the access points 106A, 106B, the location of the rogue point 802 (i.e., the registered location of the access point 106B) is used instead of the actual location of the access point 106B. Similarly, the location of rogue point 802 is used to determine spatial distance 808 between access points 106B, 106C.
Further, the computing device 102 may determine a reference distance 810 between the computing device 102 and access point 106A. Based on the reference distance 810 alone, the computing device 102 can only establish that access point 106A lies somewhere along the circumference 812, not at a particular point on it. Similarly, the computing device 102 may determine the reference distances 814, 818 and the corresponding circumferences 816, 820. As described above, using the reference distances 810, 814, 818 and the spatial distances 804, 806, 808, the computing device 102 may determine whether any of the access points 106A, 106B, 106C is rogue. For example, the computing device 102 may implement the method 400 of fig. 4. In doing so, the computing device 102 determines a degree of correlation for access point 106B. That degree of correlation results in access point 106B being identified as a rogue access point, as can be seen in fig. 8, since the inequality described in block 506 of fig. 5 does not hold for access point 106B. Thus, access point 106B is excluded from the location determination algorithm.
Examples of the present invention
Illustrative examples of the techniques disclosed herein are provided below. Embodiments of the technology include one or more, and combinations thereof, of the examples described below.
Example 1 includes a computing device to identify rogue access points having a true location different from a registered location, the computing device including a communication module to receive, from each access point of a plurality of access points within a communication range of the computing device, a unique identifier for that access point; and a location determination module to (i) determine a registered physical location of each access point based on the unique identifier of each access point, (ii) determine a spatial distance between each access point and each other access point based on the registered physical locations of each access point and each other access point, (iii) determine a reference distance between the computing device and each access point based on transmission signals received from each corresponding access point, and (iv) identify rogue access points based on the reference distance between the computing device and each access point and the spatial distance between each access point and each other access point.
Example 2 includes the subject matter of example 1, and wherein the unique identifier comprises a media access control address of the corresponding access point.
Example 3 includes the subject matter of any one of examples 1 and 2, and wherein the communications module is to receive a beacon frame from each of a plurality of access points in a communications range, the beacon frame including a media access control address.
Example 4 includes the subject matter of any of examples 1-3, and wherein determining the registered physical location comprises querying a location database based on a unique identifier of each access point.
Example 5 includes the subject matter of any of examples 1-4, and wherein the location determination module is further to determine the physical location of the computing device based on registered physical locations of access points of the plurality of access points other than the identified rogue access point.
Example 6 includes the subject matter of any of examples 1-5, and wherein the location determination module is to perform a trilateration algorithm to determine the physical location of the computing device.
Example 7 includes the subject matter of any of examples 1-6, and wherein identifying rogue access points includes, for each access point, calculating a degree of correlation based on a correlation between the registered physical location of each access point and the transmission signal received from each access point by the computing device; and determining whether the access point is a rogue access point based on the calculated degree of correlation.
Example 8 includes the subject matter of any of examples 1-7, and wherein the location determination module is further to exclude the rogue access points from the determination of the physical location of the computing device in response to determining that not every access point is a rogue access point.
Example 9 includes the subject matter of any of examples 1-8, and wherein the location determination module is further to select a percentage of access points with a highest degree of correlation in response to identifying each access point as a rogue access point.
Example 10 includes the subject matter of any of examples 1-9, and wherein calculating the degree of correlation includes initializing the degree of correlation and, for each other access point, determining whether a spatial distance between the access point and each other access point is greater than a sum of a reference distance between the access point and the computing device and a reference distance between each other access point and the computing device; decreasing the correlation in response to determining that the spatial distance between the access point and each of the other access points is greater than the sum; and increasing the correlation in response to determining that the spatial distance between the access point and each of the other access points is not greater than the sum.
Example 11 includes the subject matter of any of examples 1-10, and wherein the location determination module is to identify the access point as a rogue access point in response to determining that the corresponding degree of correlation is below a threshold.
Example 12 includes the subject matter of any of examples 1-11, and wherein identifying rogue access points includes, for each access point, calculating the degree of correlation in response to the motion of the computing device from a previously recorded location exceeding a threshold.
Example 13 includes the subject matter of any of examples 1-12, and wherein identifying rogue access points includes, for each access point, calculating a correlation in response to identifying more access points outside a predetermined security area than access points within the predetermined security area.
Example 14 includes the subject matter of any of examples 1-13, and wherein the location determination module is to retrieve location data indicative of a previous location of the computing device at the first time; and calculating the motion of the computing device from the first time.
Example 15 includes the subject matter of any of examples 1-14, and further comprising an inertial sensor to determine a velocity of the computing device, wherein the position determination module is to calculate the motion based on the velocity.
Example 16 includes the subject matter of any of examples 1-15, and wherein identifying rogue access points includes, for each access point, determining a spatial distance between each access point and a previous location of the computing device.
Example 17 includes the subject matter of any of examples 1-16, and wherein identifying rogue access points includes, for each access point, determining a safe area for the access point based on a previous location of the computing device; determining whether the access point is within the safe area; identifying the access point as a rogue access point in response to determining that (i) the access point is within the safe area and (ii) the reference distance between the access point and the computing device is less than the spatial distance between the access point and the computing device minus the calculated motion; and identifying the access point as a rogue access point in response to determining that (i) the access point is outside the safe area and (ii) the reference distance between the access point and the computing device is less than the sum of the calculated motion and the spatial distance between the access point and the computing device.
Example 18 includes the subject matter of any of examples 1-17, and wherein the safe area is defined as the area within a predetermined radius of the previous location of the computing device.
Example 19 includes a method for identifying rogue access points on a computing device, the method comprising receiving, with the computing device from each access point, a unique identifier for each access point of a plurality of access points within a communication range of the computing device; determining, on the computing device, a registered physical location of each access point based on the unique identifier of each access point; determining, on the computing device, a spatial distance between each access point and each other access point based on the registered physical locations of each access point and each other access point; determining, on the computing device, a reference distance between the computing device and each access point based on the transmission signals received from each corresponding access point; and identifying, on the computing device, rogue access points based on a reference distance between the computing device and each access point and a spatial distance between each access point and each other access point.
Example 20 includes the subject matter of example 19, and wherein receiving the unique identifier comprises receiving a media access control address of the corresponding access point.
Example 21 includes the subject matter of any one of examples 19 and 20, and wherein receiving the unique identifier includes receiving a beacon frame from each of a plurality of access points within communication range, the beacon frame including a media access control address.
Example 22 includes the subject matter of any of examples 19-21, and wherein determining the registered physical location comprises querying a location database based on a unique identifier of each access point.
Example 23 includes the subject matter of any of examples 19-22, and further comprising determining, on the computing device, a physical location of the computing device based on registered physical locations of access points of the plurality of access points other than the identified rogue access point.
Example 24 includes the subject matter of any of examples 19-23, and wherein determining the physical location of the computing device includes performing a trilateration algorithm.
Example 25 includes the subject matter of any one of examples 19-24, and wherein identifying rogue access points includes, for each access point, calculating a degree of correlation based on a correlation between the registered physical location of each access point and the transmission signal received from each access point by the computing device; and determining whether the access point is a rogue access point based on the calculated degree of correlation.
Example 26 includes the subject matter of any of examples 19-25, and further comprising excluding, on the computing device, the rogue access point from the determination of the physical location of the computing device in response to identifying that the access point is not a rogue access point.
Example 27 includes the subject matter of any one of examples 19-26, and further comprising selecting a percentage of access points with a highest degree of correlation in response to identifying each access point as a rogue access point.
Example 28 includes the subject matter of any of examples 19-27, and wherein calculating the degree of correlation comprises initializing the degree of correlation and, for each other access point, determining whether a spatial distance between the access point and each other access point is greater than a sum of a reference distance between the access point and the computing device and a reference distance between each other access point and the computing device; decreasing the correlation in response to determining that the spatial distance between the access point and each of the other access points is greater than the sum; and increasing the correlation in response to determining that the spatial distance between the access point and each of the other access points is not greater than the sum.
Example 29 includes the subject matter of any of examples 19-28, and wherein identifying the access point as a rogue access point comprises identifying the access point as a rogue access point in response to determining that the corresponding degree of correlation is below a threshold.
Example 30 includes the subject matter of any of examples 19-29, and wherein identifying rogue access points comprises, for each access point, calculating the degree of correlation in response to the motion of the computing device from a previously recorded location exceeding a threshold.
Example 31 includes the subject matter of any one of examples 19-30, and wherein identifying rogue access points includes, for each access point, calculating a correlation in response to identifying more access points outside a predetermined security zone than access points within the predetermined security zone.
Example 32 includes the subject matter of any of examples 19-31, and further comprising retrieving, with the computing device, location data indicative of a previous location of the computing device at a first time; and calculating the motion of the computing device from the first time.
Example 33 includes the subject matter of any of examples 19-32, and further comprising determining, on the computing device, a velocity of the computing device, wherein calculating the motion of the computing device comprises calculating the motion of the computing device based on the determined velocity of the computing device.
Example 34 includes the subject matter of any of examples 19-33, and wherein identifying rogue access points includes, for each access point, determining a spatial distance between each access point and a previous location of the computing device.
Example 35 includes the subject matter of any of examples 19-34, and wherein identifying rogue access points includes, for each access point, determining a secure area for the access point based on a previous location of the computing device; determining whether the access point is within the secure area; identifying the access point as a rogue access point in response to determining that (i) the access point is within the secure area and (ii) a reference distance between the access point and the computing device is less than the calculated motion subtracted from the spatial distance between the access point and the computing device; and identifying the access point as a rogue access point in response to determining that (i) the access point is outside the secure area and (ii) a reference distance between the access point and the computing device is less than a sum of the calculated motion and a spatial distance between the access point and the computing device.
Example 36 includes the subject matter of any of examples 19-35, and wherein determining the secure area comprises setting the secure area to an area within a predetermined radius of a previous location of the computing device.
Example 37 includes a computing device comprising a processor; and a memory having stored therein a plurality of instructions that, when executed by the processor, cause the computing device to perform any of the methods of examples 19-36.
Example 38 includes one or more machine-readable storage media comprising a plurality of instructions stored thereon that in response to being executed result in a computing device performing the method of any of examples 19-36.
Example 39 includes a computing device to identify rogue access points, the computing device including means to perform the method of any of examples 19-36.

Claims (14)

1. A computing device for identifying rogue access points having a true location different from a registered location, the computing device comprising:
a communication module to receive, from each of a plurality of access points within a communication range of the computing device, a unique identifier for each access point; and
a location determination module to (i) determine a registered physical location of each access point based on the unique identifier of each access point, (ii) determine a spatial distance between each access point and each other access point based on the registered physical locations of each access point and each other access point, (iii) determine a reference distance between the computing device and each corresponding access point based on transmission signals received from each access point, (iv) identify rogue access points based on the reference distance between the computing device and each access point and the spatial distance between each access point and each other access point, and (v) determine a physical location of the computing device based on registered physical locations of access points of the plurality of access points other than the identified rogue access points,
wherein identifying rogue access points comprises, for each access point:
calculating a degree of correlation based on a correlation between the registered physical location of each access point and the transmission signal received by the computing device from each access point; and
determining whether the access point is a rogue access point based on the calculated correlation,
wherein calculating the degree of correlation comprises initializing the degree of correlation and, for each other access point:
determining whether a spatial distance between the access point and each other access point is greater than a sum of a reference distance between the access point and the computing device and a reference distance between each other access point and the computing device;
reducing the degree of correlation in response to determining that the spatial distance between the access point and each other access point is greater than the sum; and
increasing the degree of correlation in response to determining that the spatial distance between the access point and each other access point is not greater than the sum.
2. The computing device of claim 1, wherein the communication module is to receive a beacon frame from each of the plurality of access points within the communication range, the beacon frame including a media access control address; and
wherein the unique identifier comprises a medium access control address of the corresponding access point.
3. The computing device of claim 2, wherein to determine the registered physical location comprises to query a location database based on a unique identifier of each access point.
4. The computing device of claim 1, wherein the location determination module is further to exclude rogue access points in the determination of the physical location of the computing device in response to identification of access points that are not rogue access points.
5. The computing device of claim 1, wherein the location determination module is to identify the access point as a rogue access point in response to determining that a corresponding degree of correlation is below a threshold.
6. A computing device for identifying rogue access points having a true location different from a registered location, the computing device comprising:
means for receiving a unique identifier for each access point from each of a plurality of access points within a communication range of the computing device;
means for determining a registered physical location of each access point based on the unique identifier of each access point;
means for determining a spatial distance between each access point and each other access point based on the registered physical locations of each access point and each other access point;
means for determining a reference distance between the computing device and each corresponding access point based on the transmission signal received from each access point;
means for identifying rogue access points based on the reference distance between the computing device and each access point and the spatial distance between each access point and each other access point; and
means for determining a physical location of the computing device based on registered physical locations of access points of the plurality of access points other than the identified rogue access point,
wherein the means for identifying the rogue access point comprises, for each access point:
means for calculating a degree of correlation based on a correlation between the registered physical location of each access point and the transmission signal received by the computing means from each access point; and
means for determining whether the access point is a rogue access point based on the calculated correlation,
wherein the means for calculating the degree of correlation comprises means for initializing the degree of correlation and, for each other access point:
means for determining whether a spatial distance between the access point and each other access point is greater than a sum of a reference distance between the access point and the computing device and a reference distance between each other access point and the computing device;
means for reducing the degree of correlation in response to determining that the spatial distance between the access point and each other access point is greater than the sum; and
means for increasing the degree of correlation in response to determining that the spatial distance between the access point and each other access point is not greater than the sum.
7. The computing device of claim 6, wherein the means for determining the registered physical location comprises means for querying a location database based on a unique identifier for each access point.
8. The computing device of claim 6, further comprising means for excluding rogue access points in the determination of the physical location of the computing device in response to identification of access points of the plurality of access points that are not rogue access points.
9. The computing device of claim 6, wherein the means for identifying rogue access points comprises, for each access point, means for calculating the degree of correlation in response to at least one of: (i) the motion of the computing device from a previously recorded location exceeding a threshold, or (ii) identification of more access points outside a predetermined security area than within the predetermined security area.
10. The computing device of claim 6, further comprising:
means for retrieving location data indicative of a previous location of the computing device at a first time; and
means for calculating a motion of the computing device from the first time.
11. The computing device of claim 10, wherein to identify rogue access points comprises, for each access point, to determine a spatial distance between each access point and a previous location of the computing device.
12. The computing device of claim 11, wherein the means for identifying rogue access points comprises, for each access point:
means for determining a spatial distance between each access point and a previous location of the computing device;
means for determining a secure area of the access point based on the previous location of the computing device, the secure area being an area defined within a predetermined radius of the previous location of the computing device;
means for determining whether the access point is within the secure area;
means for identifying the access point as a rogue access point in response to determining that (i) the access point is within the secure area and (ii) a reference distance between the access point and the computing device is less than the calculated motion subtracted from the spatial distance between the access point and the computing device; and
means for identifying the access point as a rogue access point in response to determining that (i) the access point is outside the secure area and (ii) the reference distance between the access point and the computing device is less than a sum of the calculated motion and the spatial distance between the access point and the computing device.
13. A method for identifying rogue access points on a computing device, the method comprising:
receiving, with the computing device, a unique identifier for each access point from each of a plurality of access points within a communication range of the computing device;
determining, on the computing device, a registered physical location of each access point based on the unique identifier of each access point;
determining, on the computing device, a spatial distance between each access point and each other access point based on the registered physical locations of each access point and each other access point;
determining, on the computing device, a reference distance between the computing device and each corresponding access point based on the transmission signal received from each access point;
identifying, on the computing device, rogue access points based on the reference distance between the computing device and each access point and the spatial distance between each access point and each other access point; and
determining a physical location of the computing device based on registered physical locations of access points of the plurality of access points other than the identified rogue access point,
wherein identifying the rogue access points comprises, for each access point:
calculating a degree of correlation based on a correlation between the registered physical location of each access point and the transmission signal received by the computing device from each access point; and
determining whether the access point is a rogue access point based on the calculated correlation,
wherein calculating the degree of correlation comprises initializing the degree of correlation and, for each other access point:
determining whether a spatial distance between the access point and each other access point is greater than a sum of a reference distance between the access point and the computing device and a reference distance between each other access point and the computing device;
reducing the degree of correlation in response to determining that the spatial distance between the access point and each other access point is greater than the sum; and
increasing the degree of correlation in response to determining that the spatial distance between the access point and each other access point is not greater than the sum.
14. A machine-readable storage medium having stored thereon a plurality of instructions which, when executed by a computing device, cause the computing device to perform the method of claim 13.
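The correlation-degree check of Examples 25-29 and claim 1, followed by the exclusion and trilateration of Examples 23-24, as an added example that is not part of the patent. The MAC addresses, coordinates and the log-distance path-loss model used to turn RSSI into a reference distance are all assumptions; the patent specifies neither.

```python
"""Rogue AP detection as in Examples 19-29 and claim 1: cross-check each
access point's registered (database) location against the range its signal
implies, then trilaterate only from the consistent access points.
Added example; every value below is constructed."""
import math

# Location database stand-in: MAC -> registered location in metres (local
# planar frame). Constructed, locally administered MACs.
LOCATION_DB = {
    "02:00:00:00:00:0a": (0.0, 0.0),
    "02:00:00:00:00:0b": (40.0, 0.0),
    "02:00:00:00:00:0c": (0.0, 40.0),
    "02:00:00:00:00:0d": (40.0, 40.0),
    "02:00:00:00:00:0e": (200.0, 200.0),
}
# Where the radios really transmit from. The last one is the rogue: its MAC
# is registered about 250 m away, but it sits next to the device.
TRUE_POSITION = dict(LOCATION_DB)
TRUE_POSITION["02:00:00:00:00:0e"] = (20.0, 20.0)
DEVICE_TRUE = (10.0, 20.0)
# Assumed log-distance path-loss model; the patent only says the reference
# distance is derived "based on the transmission signals".
TX_POWER_AT_1M = -30.0  # dBm
PATH_LOSS_EXP = 2.0


def distance(p, q):
    return math.hypot(p[0] - q[0], p[1] - q[1])


def reference_distance(rssi):
    """Invert the path-loss model: received power -> estimated range."""
    return 10 ** ((TX_POWER_AT_1M - rssi) / (10 * PATH_LOSS_EXP))


def observe_beacons():
    """Constructed beacon scan, MAC -> RSSI (noise-free for determinism)."""
    return {mac: TX_POWER_AT_1M - 10 * PATH_LOSS_EXP
            * math.log10(distance(pos, DEVICE_TRUE))
            for mac, pos in TRUE_POSITION.items()}


def correlation_degree(mac, registered, ref):
    """Example 28: start at 0; for each other AP, if the spatial distance
    between registered locations exceeds the sum of the two reference
    distances, both cannot be where the database says (-1), else (+1)."""
    degree = 0
    for other, loc in registered.items():
        if other == mac:
            continue
        if distance(registered[mac], loc) > ref[mac] + ref[other]:
            degree -= 1
        else:
            degree += 1
    return degree


def identify_rogue_aps(rssi, threshold=0):
    """Examples 22 and 25-29: look up registrations, derive reference
    distances, score every AP, flag those scoring below the threshold."""
    registered = {mac: LOCATION_DB[mac] for mac in rssi}
    ref = {mac: reference_distance(r) for mac, r in rssi.items()}
    degrees = {mac: correlation_degree(mac, registered, ref) for mac in rssi}
    return {mac for mac, d in degrees.items() if d < threshold}, degrees


def trilaterate(anchors, dists):
    """Least-squares 2-D trilateration (Example 24): subtracting the first
    range equation from the others gives linear rows a*x + b*y = c, solved
    through the 2x2 normal equations. Needs at least three anchors."""
    (x1, y1), d1 = anchors[0], dists[0]
    rows = []
    for (xi, yi), di in zip(anchors[1:], dists[1:]):
        a, b = 2 * (xi - x1), 2 * (yi - y1)
        rows.append((a, b, d1 ** 2 - di ** 2 + xi ** 2 + yi ** 2 - x1 ** 2 - y1 ** 2))
    s_aa = sum(a * a for a, _, _ in rows)
    s_ab = sum(a * b for a, b, _ in rows)
    s_bb = sum(b * b for _, b, _ in rows)
    s_ac = sum(a * c for a, _, c in rows)
    s_bc = sum(b * c for _, b, c in rows)
    det = s_aa * s_bb - s_ab * s_ab
    return ((s_ac * s_bb - s_ab * s_bc) / det, (s_aa * s_bc - s_ab * s_ac) / det)


def locate_device(rssi, exclude=frozenset()):
    """Example 23: position fix from the APs not identified as rogue."""
    usable = [mac for mac in rssi if mac not in exclude]
    return trilaterate([LOCATION_DB[mac] for mac in usable],
                       [reference_distance(rssi[mac]) for mac in usable])
```

Feed `observe_beacons()` to `identify_rogue_aps`, then pass the returned set as `exclude` to `locate_device` and compare with a call that omits it: the rogue's registered location pulls the unfiltered fix far from the device's true position.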

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/079700 WO2015006979A1 (en) 2013-07-19 2013-07-19 Identification of rogue access points

Publications (2)

Publication Number Publication Date
CN106165506A CN106165506A (en) 2016-11-23
CN106165506B true CN106165506B (en) 2020-11-10

Family

ID=52345733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380077624.7A Active CN106165506B (en) 2013-07-19 2013-07-19 Computing device, method and storage medium for identifying rogue access points

Country Status (4)

Country Link
US (1) US9578458B2 (en)
EP (1) EP3022975A4 (en)
CN (1) CN106165506B (en)
WO (1) WO2015006979A1 (en)

Also Published As

Publication number Publication date
US20160192136A1 (en) 2016-06-30
US9578458B2 (en) 2017-02-21
WO2015006979A1 (en) 2015-01-22
EP3022975A4 (en) 2017-03-22
CN106165506A (en) 2016-11-23
EP3022975A1 (en) 2016-05-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant